> ## Documentation Index
> Fetch the complete documentation index at: https://docs.piriod.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Authentication

> How to authenticate requests against the Piriod API.

The Piriod API uses **API tokens** combined with a **workspace header**.

## API tokens

Tokens are obtained from the Piriod dashboard (Settings → API tokens). Pass the
token on every request:

```http theme={null}
Authorization: Token sk_live_xxxxxxxxxxxxxxxxxxxxxxxx
```

Do not include the token in client-side code. Treat it as a secret.

<Warning>
  Each user has at most one active API token. Generating a new token from the
  dashboard invalidates the previous one.
</Warning>

## Workspace header

Piriod is multi-workspace: a single user can belong to several accounts. Every
request must declare which workspace it operates on:

```http theme={null}
x-simple-workspace: acc_01H8XYZ123ABC
```

Requests without this header (or with a workspace the user does not belong to)
return `400` or `403`.

## Test mode

Set `x-piriod-test-mode: true` to operate against test data — separate from your
production data. Resources created in test mode are returned only when this
header is `true`.

```http theme={null}
x-piriod-test-mode: true
```

## Publishable keys (payment links)

Hosted payment-link endpoints under `/publishable/payment_links/...` are
designed to be called from the browser using the link's `publishable_key`.
These endpoints do not require `Authorization: Token`. They are read-only
or limited to payment-intent operations.

## Putting it all together

```bash theme={null}
curl https://api.piriod.com/invoices/ \
  -H "Authorization: Token sk_live_xxxxx" \
  -H "x-simple-workspace: acc_01H8XYZ123ABC" \
  -H "x-piriod-test-mode: false"
```
